PROS AND CONS OF TODAY’S SURVEILLANCE
(PROGRESS OF SURVEILLANCE TECHNOLOGY)
Posted by Andrew Arismunandar in ITGS 11 on Friday, October 4th, 2013 at 5:54 am
Surveillance has developed through many changes over the years, from human cautiousness to
technology that can watch your every move. Surveillance has its merits, as it helps authorities to
capture criminals and terrorists, from recent tragedies. However, surveillance has changed into
something more advanced, as it has the ability to track your personal information such as friends,
family and even your bank account. This has been proven with the recent NSA leak, as the NSA
has the technology to have full information of individuals from the US and even other countries.
Technology has taken surveillance into the next level. This is the peak of surveillance where we
question ourselves whether surveillance is actually necessary, as power of the technology that
was leaked by Edward Snowden has shown. Right now it shows two ways of how surveillance
will be used years from today.
The benefit of using surveillance with current technology is that if it is used correctly, the NSA
has the ability to predict a terrorist attack thus preventing innocent lives lost (similar to the
Precrime system in the film Minority Report). Previous renditions of surveillance such as
CCTV cameras will only assist in identifying criminals right after they have finished the job. The
government spying on your privacy won’t be a problem unless you’re a criminal trying to harm
others. After all it is the government’s job to make sure that everyone is safe and this is them
taking the next step. The NSA knows that everyone is scared when they know that the
government has more access to our privacy than ever before and they think it is for the good of
the public for them not to know. But they should’ve known better that it is for the public to
decide, as the people’s voice counts as well not just the government. But yet again what about
the first time when they announced the CCTV cameras? Wouldn’t people freak out as much as
they did today, when they know someone is watching your every move? But what about now?
We see CCTV cameras everyday and it doesn’t bother so much since we are comfortable by
now. Not to mention it has helped the police to capture terrorists a lot more easily and much more efficiently
before they can initiate their next attack. It could be the same case with the PRISM surveillance
program and that it will take time for the public to get used to. Since we’re talking about how the
PRISM technology is taken to a larger scale, what about PRISM technology in a smaller scale?
If you pay attention enough, there is an application called “Remote Desktop”. This allows an
admin to watch individual computer activities and can even control the computer itself by
manipulating the controls of that particular computer, and can even block the computer itself.
It only works, though, with a particular server, when the computer is online and if the admin
has permission from the computer itself. This technology can be very useful to track students or
employees to make sure that they are working on their computers. It is stricter but it helps people
to be productive and make sure that they work. Even if they somewhat reveal their personal
information but should they bother to do such a thing when they are working or aware that they
are currently watched by someone superior? This has been proven that we are slowly going into
the next stage of surveillance.
However, there are disadvantages with such advanced technology: namely, the ones who wield it.
Admins are humans too, which means that there are chances for them to abuse the technology for
their own personal needs. The problem arises when they have the ability to cause damage as
well, as much as what they are trying to prevent. For example, admins can steal through the use of
their personal information or plan out a perfect murder by using the information that they
collected throughout their stalking. It’s even worse the fact that the government is using it as
well. When someone with authority wields more power over the people the damage done could
be much worse. Such as corruption will be much more efficient and also blackmail. But I
These advantages will be something that we will overcome over time. We are aware of this issue
and so is the government. Although it is good to be cautious about our government, yet again
there are honest people as well that are working within the government. Honest men like Edward
Snowden will leak important information to the public when necessary; the point is that there are
men like Edward Snowden that work for the government, which is something that we need to
remember as well. Also keep in mind that as our technology moves forward, we might use AIs
instead to do the surveillance work. If you’re thinking that a rebellious AI in movies such as
Eagle Eye or 2001: A Space Odyssey might happen, it will be a matter of the intelligence we put in the
machine (which is another topic entirely and for another discussion). However it is possible to
make things simpler such as having the AI report on someone that is going to Facebook instead
of working on their school work or office work, well when it comes to a smaller scale that is.
Only the future can tell for now for what the government will do with the PRISM program.
In conclusion I would say that this is the next step of surveillance, it’s either we move forward to
a possible better future. I do realize that people are afraid of how advanced what we created has
become, but it is necessary for people to take risks in order to move forward. So I firmly believe
that surveillance technology will bring more benefit than good.
24 February 2000: Link to Presentation and Analysis Volume 1/5, by Peggy Becker, October 1999. Volume 1 re
20 August 1999
Source: Hardcopy of 61 pages. Thanks to Sten Linnarsson.
This is part 1 of 4 of "Development of Surveillance Technology and Risk of Abuse of Economic Information
technologies of political control)."
Part 2: "The legality of the interception of electronic communications: A concise survey of the principal legal iss
international, European and national law," by Prof. Chris Elliott: http://cryptome.org/dst-2.htm
Part 3: "Encryption and cryptosystems in electronic surveillance: a survey of the technology assessment issues,"
Part 4: "The state of the art in Communications Intelligence (COMINT) of automated processing for intelligence
broadband multi-language leased or common carrier systems, and its applicability to COMINT targeting and sel
recognition," by Duncan Campbell: http://www.iptvreports.mcmail.com/stoa_cover.htm [dead]
Campbell's report: http://cryptome.org/jya/ic2000.zip (981KB)
SCIENTIFIC AND TECHNOLOGICAL OPTIONS ASSESSMENT
DEVELOPMENT OF SURVEILLANCE
TECHNOLOGY AND RISK OF ABUSE
OF ECONOMIC INFORMATION
(An appraisal of technologies of political control)
The perception of economic risks arising from the potential vulnerability
of electronic commercial media to interception
Survey of opinions of experts
Working document for the STOA Panel
Luxembourg, May 1999 PE 168.184/Int.St./part 1/4
Directorate General for Research
Part 1/4 of:
DEVELOPMENT OF SURVEILLANCE TECHNOLOGY AND
RISK OF ABUSE OF ECONOMIC INFORMATION
(An appraisal of technologies of political control)
Workplan Ref.: EP/IV/B/STOA/98/1401
Publisher: European Parliament
Directorate General for Research
The STOA Programme
Author: Mr Nikos BOGONIKOLOS - ZEUS E.E.I.G.
Editor: Mr Dick HOLDSWORTH, Head of STOA Unit
Date: May 1999
PE number: PE 168.184/Int.St./1/4
This document is a working Document for the 'STOA Panel'. It is not an official publication of STOA.
This document does not necessarily represent the views of the European Parliament.
PART A: OPTIONS
General overview of the outcome of the survey (interim stage)
Views on privacy collected from the survey
General privacy issue
The market for privacy
The role of industry
The need for European legislation
Options for action on surveillance and privacy
PART B: ARGUMENTS AND EVIDENCE
Examples of Abuse of Economic Information
PART C: TECHNICAL FILE
Surveillance and Privacy
Risks Inherent in Data Surveillance
2. SURVEILLANCE: TOOLS AND TECHNIQUES - Current technologies
1. Visual Surveillance
2. Audio Surveillance
3. Phone Tapping and Encryption
4. Voice and Word Pattern Recognition
5. Proximity Smart Cards
6. Transmitter Location
7. E-mail at Workplace
8. Electronic Databases
9. The Internet
3. THE USE OF SURVEILLANCE TECHNOLOGY SYSTEMS FOR THE
TRANSMISSION AND COLLECTION OF ECONOMIC INFORMATION
3.1 CALEA System
3.2 ECHELON Connection
3.3 Inhabitant identification Schemes
4. THE NATURE OF ECONOMIC INFORMATION SELECTED BY SURVEILLANCE
A. From telecommunication systems
B. From new information technologies (Internet)
C. Some examples of data collection on the Internet
5. PROTECTION FROM ELECTRONIC SURVEILLANCE
A. Encryption (Cryptography)
Private sector initiatives
B. Key - recovery
Encryption and the global information infrastructure
Key-Recovery: Requirements and proposals
6. SURVEILLANCE TECHNOLOGY SYSTEMS IN LEGAL AND REGULATORY
A. Privacy regulation
Multinational data protection measures
Data protection directive in Europe
Privacy regulation in the United States
B. Protection of Privacy in the telecommunications sector
Cryptography policy in USA
Cryptography policy guidelines from OECD
E. U. cryptography policy
Other national and international activities related to cryptography policy
D. Key recovery
E. European Initiatives
DLM-FORUM- Electronic Records
Promoting Safe Use of Internet
PART A: OPTIONS
The present study, 'Development of surveillance technology and risk of abuse of economic
information' presents the interim results from a survey of the opinions of experts, together with
additional research and analytical material by the authors. It has been conducted by ZEUS
E.E.I.G. as part of a technology assessment project on this theme initiated by STOA in 1998 at
the request of the Committee on Civil Liberties and Internal Affairs of the European Parliament.
This STOA project is a follow-up to an earlier one entitled: "An appraisal of technologies of
political control" conducted for the same Committee. The earlier project resulted in an Interim
Study (PE 166.499) written by OMEGA Foundation, Manchester, and published by STOA in
January 1998 and later updated (September 1998).
In the earlier study it was reported that within Europe all fax, e-mail and telephone messages are
routinely intercepted by means of what is called the ECHELON global surveillance system. The
monitoring was said to be "routine and indiscriminate". The ECHELON system formed part of
the UKUSA system, but unlike many of the electronic spy systems developed during the cold
war, ECHELON was said to be designed for primarily non-military targets: governments,
organisations and businesses in virtually every country.
In the present study the authors were requested to investigate the use of surveillance technology
systems, for the collection and possible abuse of sensitive economic information.
The principal method selected was a procedure of data collection and processing based on a
modified DELPHI method (to be referred to here as "the survey"). Under this method, a list of
potential sources of data was prepared. These were some 49 experts from universities, industrial
and commercial undertakings in the information and telecommunications technology sector, as
well as a smaller number of persons in international or governmental organisations. The experts
were drawn from 11 Member States of the European Union, plus Cyprus, Norway and
The next step was the collection of the data. This was mostly achieved by direct interviews of the
experts, with the use of a questionnaire. The views (data) were processed and a convergence
examination performed. The convergence procedure was based on a recursive approach for the
exclusion of the non-reliable data. The last step was the drawing of the analytical results.
General overview of the outcome of the survey
The predominant view among the experts was that, since nowadays almost all economic
information is exchanged through electronic means (telephone, fax, e-mail) and, in addition, all
digital telecommunication devices and switches have enhanced wiretapping capabilities,
we must focus on the protection of the data when transmitted
(using encryption products), on the use of government-approved encryption products and on the
adoption of common standards concerning encryption and key-recovery products. The position
could be summed up in the statement that 'since it is difficult to prove that economic information
has been captured by ECHELON system and passed on by the NSA, we have to consider privacy
protection in a global international networked society'.
In summary, therefore, we see that two perceptions of this question emerge: (1) a concern about
the possible threat to privacy and economic and civil rights potentially posed by global
clandestine electronic surveillance systems operated by large and powerful secret government
agencies, and (2) anxiety about the problems of commercial and personal privacy which arise
now that so much commercial and other communications traffic is conducted over the Internet.
Managers of businesses engaged in electronic commerce may perhaps be concerned about global
clandestine surveillance systems: what is certain is that they are worried in a more familiar way
about threats to commercial security posed by the nature of the new electronic business media
and their possible vulnerability to interception by competitors and fraudsters.
Reflecting the feedback from the survey, the present study tends to reflect Perception 2, whereas
the earlier one of 1998 tended to reflect Perception 1.
Advances in information and communication technologies have fostered the development of
complex national and international networks which enable thousands of geographically dispersed
users to distribute, transmit, gather and exchange all kinds of data. Transborder electronic
exchanges -- private, professional, industrial and commercial -- have proliferated on a global
scale and are bound to intensify among businesses and between businesses and consumers, as
electronic commerce develops.
At the same time developments in digital computing have increased the capacity for accessing,
gathering, recording, processing, sorting, comparing and linking alphanumeric, voice and image
data. This substantial growth in international networks and the increase in economic data
processing have given rise to the need to secure privacy protection in transborder data flows.
Today, it is not necessary to define new principles for the protection of data (and privacy) in an
expanding global electronic environment. It is necessary to define the appropriate means of
putting the established principles into practice, particularly on the information and
An active education strategy may be one of the ways to help achieve on-line and privacy
protection and to give all actors the opportunities to understand their common interests.
Common technological solutions can assist in implementing privacy and data protection
guidelines in global information networks. The general optimism about technological solutions,
the pressure to collect economic information and the need for political and social policy
decisions to ensure privacy must be considered.
The growth in international networks and the increase in economic data processing have given rise
to the need to secure privacy protection in transborder data flows, and especially to the use of
contractual solutions. Global E-Commerce has changed the nature of retailing. There were great
cultural and legal differences between countries affecting attitudes to the use of sensitive data
(economic or personal) and the issue of applicable law in global transactions had to be resolved.
Contracts might bridge the gap between those with legislation and the others.
Since the Internet symbolises global commerce and is faced with a rapid expansion in the numbers of
transactions, there is a need to define a stable, lasting framework for business. The Internet is
profoundly changing the markets and adjusting new contracts. To that reality is a complex
Views on privacy collected from the survey
In this section the experts' views on the various privacy issues are reported. The information was
mostly collected by direct interviews of the experts, based on a predefined questionnaire.
General privacy issues
Privacy can be a contentious subject because it means different things to different people. The
definition given is: "Privacy is the claim of individuals, groups, or institutions to determine for
themselves how, when and to what extent information about them is communicated to others"
A clear problem expressed is that in an electronic environment, it becomes hard to differentiate
between a private and public place and therefore what should be protected and what should
It was argued that it is unreasonable for society to subsidise the cost of individuals to maintain
their privacy, pointing out that most people will choose utility over security (and consequently
It was suggested that privacy in many ways sacrifices other goods (time, effort and energy
among them) in order to obtain it.
Three basic tools necessary for privacy protection were outlined: notice (to the data supplier),
consent (to the consumer), and accountability.
Although accountability may be essential to ensuring privacy, it unfortunately conflicts with the
anonymity that privacy implies. For any commerce to take place on the Internet, therefore, some
level of anonymity and therefore privacy must be sacrificed. The question to be answered is
"how much and who will decide".
The market for privacy
When the European Commission adopted the privacy directive (95/46/EC), it stated that privacy
protection is a central precondition to consumers' acceptance of electronic commerce.
Accordingly, a critical issue, experts argued, was whether there was a "market failure" in the
electronic environment that required some sort of government intervention to ensure data
Some experts responded that data privacy is not purely a public good, and so at some point
someone will have a market incentive to protect it. Some corporations that have tried to market
their strong privacy protection have yet to see any results and have concluded that: "privacy
doesn't sell". Other industries have marketed privacy successfully (such as the cellular telephone
industry) which could mean that the public demands for privacy are forthcoming and will
eventually be profitable.
They feel that a question to be answered is: "Who governs the responsibility of the information
collector, or does society have to impose a sense of responsibility?"
The role of industry
Most experts expressed the view that the information industry should be primarily self-
regulated: the industry is changing too rapidly for government legislative solutions, and most
corporations are not simply looking at National or European but at global markets, which
national governments cannot regulate.
Indeed several experts expressed the fear that any European attempt to allow USA to oversee
(via global surveillance systems) data would lead to abuses by the government or other
They noted that many companies (such as Citibank) already inform consumers and clients that,
unless told otherwise, they will disclose information to their affiliates. They suggested that a
simple seal on the home page of a Web site, declaring that a company adheres to certain
industry privacy standards might ease the fears of the public and offer some level of
Alternatively, they suggested that the media could act as an effective watchdog, informing
consumers and companies of what information is being collected about them and how that
information is being used.
They also noted that multinational companies could better negotiate for themselves across
national boundaries than governments can. Electronic commerce is unlikely to gain popularity
until the issues of notice, consent and recourse have been resolved. The market will force
companies wishing to participate in this medium to address and solve these concerns.
The need for European legislation
Experts took the view that the European Parliament must now ask how, in a world of the
Internet, one reconciles the objectives of protecting both privacy and the free flow of information.
In recent years there have been disclosures that unauthorised individuals have examined
financial information from the Internal Revenue Service in USA. Several experts pointed to the
flap over the decision by the Social Security Administration in USA to provide companies
account information on-line. Each of these examples suggests that protecting data privacy may
be a great challenge for the European Parliament.
Experts agreed that the European Parliament should play a role in creating a standard for
disclosure. Several experts went further and argued the need of a privacy agency within the
European Union to act as an ombudsman and to represent privacy interests, so that in debates
between European Union and USA there is someone whose responsibility would be to protect
Whatever several experts believe the appropriate role for national governments to be in
ensuring privacy in an electronic environment, some "private regulation" is already occurring on
the Internet by the computer engineers, who write code and decide computer standards. In fact
experts suggested that when encryption software becomes ubiquitous it will push Internet
commerce because it allows for potentially anonymous transactions, which will solve privacy
issues by default.
It was pointed out that a group of high-tech companies in co-operation with standardisation
organisations should agree on a web-based standard that would allow companies and
consumers to interact with data collectors and inform them of what information they would be
comfortable having disclosed to other parties.
Options for action on surveillance and privacy
The policy options for consideration by the committee on Civil Liberties and Internal Affairs of
the European Parliament which emerged from the survey are:
Authorities in the EU and Member States should:
engage in a dialogue involving the private sector and individual users of networks in order to
learn about their needs for implementing the privacy guidelines in the global network;
undertake an examination of private sector technical initiatives;
encourage the development of applications within global networks, of technological solutions
that implement the privacy principles and uphold the right of users, businesses and consumers
for protection of their privacy in the electronic environment.
Drafting methods for enforcing codes of conduct and privacy statements ranging from
standardisation, labelling and certification in the global environment through third-party audit
to formal enforcement by a regulatory body.
Definitions of the transactions which must remain anonymous, and technical capabilities for
providing anonymity need to be specified.
Enforcement for the adoption of adequate standards (cryptography and key encryption) from all
E.U. member states. Multilateral agreements with other countries could then be negotiated.
Drafting of common guidelines of credit information use (in each member state of the E.U.
different restriction policies exist). It must be clear how those restrictions could apply to a
globally operating credit reference agency.
Drafting of common specifications for cryptography systems and government access key
recovery systems, which must be compatible with large scale, economical, secure cryptographic
Enforcement for the adoption of special authorisation schemes for Information Society Services
and supervision of their activities by National Authorisation Bodies.
Drafting of a common responsibilities framework for on-line service providers, who transmit and
store third party information. This could be drafted and supervised by National PTTs.
The European Parliament should examine critically proposals from the US for the elimination of
cryptography and the adoption of encryption controls supervised by US Agencies.
Annual statistics and reporting on abuse of economic information by any means must be
reported to the Parliament of each member state of the E.U.
Measures for encouraging the formal education systems of each member state of the E.U. or the
appropriate European Training Institute/Organisation to take up the general task of educating
users in the technology and their rights.
PART B: ARGUMENTS AND EVIDENCE
Nowadays almost all economic information is exchanged through electronic means (telephone,
fax, e-mail). In addition, all digital telecommunication devices and switches have enhanced
wiretapping capabilities. As a conclusion we have to consider privacy protection in a global
international networked society. And when we speak about electronic protection and privacy in
the exchange of economic information, we actually speak for electronic commerce over the
The information society promises economic and social benefits for all: citizens, companies and
governments. Advances in information and communication technologies have fostered the
proliferation of private, professional, industrial and commercial transborder electronic exchanges
on a global scale which are bound to intensify among businesses and between businesses and
consumers as electronic commerce develops. New methods for processing the vast accumulation
of data -such as data mining techniques- make it possible, on the basis of demographic data,
credit information, details of on-line transactions etc, to identify new kinds of purchasing
patterns or unusual relationships.
Indeed, compliance with rules governing the protection of privacy and personal data is crucial to
establishing confidence in electronic transactions, and particularly in Europe, which has
traditionally been heavily regulated in this area. The development of the global information
society makes the convergence of government policies, the transparency of rules and regulations
and their effective implementation on economic and social life. In particular, in the context of
electronic commerce, the development of on-line commercial activities hinges to a large extent,
not only on the faith consumers have in business in terms of guaranteed product delivery or
security payment systems, but also on the confidence that users and consumers will have in the
ways that businesses handle their personal data.
To operate with confidence on the global networks, most consumers need assurance that their
on-line activities and electronic transactions will not be collected or used without their
knowledge or made available to parties other than their initial correspondents, nor linked to
other data about them in order to compile behavioural profiles without their consent.
The importance of information and communication systems for society and the global economy
is intensifying with the increasing value and quantity of data that is transmitted and stored on
those systems. At the same time those systems and data are also increasingly vulnerable to a
variety of threats such as unauthorised access and use, misappropriation, alteration and
destruction. Proliferation of computers, increased computing power, interconnectivity,
decentralisation, growth of networks and the number of users, as well as the convergence of
information and communication technologies, while enhancing the utility of these systems, also
increase system vulnerability.
Cryptography is an important component of secure information and communication systems
and a variety of applications have been developed that incorporate cryptographic methods to
provide data security.
Although there are legitimate governmental, commercial and individual needs and uses for
cryptography, it may also be used by individuals or entities for illegal activities, which can affect
public safety, national security, the enforcement of laws, business interests, consumers interests
or privacy. Governments together with industry and the general public, are challenged to develop
balanced policies to address these issues.
Cryptography uses an algorithm to transform data in order to render it unintelligible to anyone
who does not possess certain secret information (the cryptographic "key"), necessary for
decryption of the data. Within the new concept of cryptography, rather than sharing one secret
key, the new design uses two mathematically related keys for each communication party: a
"public key" that is disclosed to the public and a corresponding "private key", that is kept secret.
A message that is encrypted with a public key can only be decrypted by the corresponding
An important application for public key cryptography is "digital signature", which can be used to
verify the integrity of data or the authenticity of the sender of data. In this case, the private key is
used to "sign" a message, while the corresponding public key is used to verify a "signed"
Public key cryptography plays an important role in developing information infrastructure. Much
of the interest in information and communication networks and technologies centres on their
potential to accommodate electronic commerce; however open networks such as the Internet
present significant challenges for making enforceable electronic contracts and secure
Since electronic commerce is, on the one hand, one of the key strategies of the European Union and
privacy protection, on the other hand, one of its main principles, the E.U. in 1998 released three
"key" working documents:
Proposal for a European Parliament and Council Directive on certain legal aspects of Electronic
Commerce in the internal market [COM(1998) 586 final].
Proposal for a European Parliament and Council directive on a common framework for
electronic signatures [COM(1998) 297 final].
Ensuring security and trust in electronic communication: "Towards a European framework for
digital signatures and Encryption" [COM(1997) 503 final].
Increasing the number of people with authorised access to the critical infrastructure and to
business data, will increase the likelihood of attack, whether through technical means, by
exploitation of mistakes or through corruption. Further "key-recovery" requirements to the
extent that they made encryption can have the effect of discouraging or delaying the deployment
of cryptography in increasingly vulnerable computing and communication networks.
As the Internet and other communications systems reach further into everyday lives, national
security, law enforcement and individual privacy have become perilously intertwined.
Governments want to restrict the free flow of information; software producers are seeking ways
to ensure consumers are not bugged from the very moment of purchase. The US is behind a
world-wide effort to limit individual privacy and enhance the capability of its intelligence
services to eavesdrop on personal conversations. The campaign has had two legal strategies: the
first made it mandatory for all digital telephone switches, cellular and satellite phones and all
developing communication technologies to build in surveillance capabilities; the second sought
to limit the dissemination of software that contains encryption, a technique which allows people
to scramble their communications and files to prevent others from reading them. The first effort
to heighten surveillance opportunities was to force telecommunications companies to use
equipment designed to include enhanced wiretapping capabilities. The end goal was to ensure
that the US and its allied intelligence services could easily eavesdrop on telephone networks
anywhere in the world. In the late 1980s, in a programme known internally as 'Operation Root
Canal', US law enforcement officials demanded that telephone companies alter their equipment to
facilitate the interception of messages. The companies refused but, after several years of
lobbying, Congress enacted the Communications Assistance for Law Enforcement Act (CALEA).
CALEA requires that terrestrial carriers, cellular phone services and other entities ensure that all
their 'equipment, facilities or services' are capable of 'expeditiously... enabling the
government... to intercept... all wire and oral communications carried by the carrier... concurrently
with their transmission.' Communications must be interceptable in such a form that they could be
transmitted to a remote government facility.
Manufacturers must work with industry and law enforcement officials to ensure that their
equipment meets federal standards. A court can fine a company US$10,000 per day for each
product that does not comply.
The passage of CALEA has been controversial but its provisions have yet to be enforced due to
FBI efforts to include even more rigorous regulations under the law. These include the
requirement that cellular phones allow for location-tracking on demand and that telephone
companies provide capacity for up to 50,000 simultaneous wiretaps.
While the FBI lobbied Congress and pressured US companies into accepting a tougher CALEA,
it also leaned on US allies to adopt it as an international standard. In 1991, the FBI held a series
of secret meetings with EU member states to persuade them to incorporate CALEA into
European law. The plan, according to an EU report, was to 'call for the Western World (EU, US
and allies) to agree to norms and procedures and then sell their products to Third World
countries. Even if they do not agree to interception orders, they will find their
telecommunications monitored by the UK-USA signals intelligence network the minute they use
the equipment.' The FBI's efforts resulted in an EU Council of Ministers resolution that was
quietly adopted in January 1995, but not publicly released until 20 months later. The resolution's
text is almost word for word identical to the FBI's demands at home. The US government is now
pressuring the International Telecommunications Union (ITU) to adopt the standards globally.
The second part of the strategy was to ensure that intelligence and police agencies could
understand every communication they intercepted. They attempted to impede the development of
cryptography and other security measures, fearing that these technologies would reduce their
ability to monitor the emissions of foreign governments and to investigate crime.
These latter efforts have not been successful. A survey by the Global Internet Liberty Campaign
(GILC) found that most countries have either rejected domestic controls or not addressed the
issue at all. The GILC found that 'many countries, large and small, industrialised and developing,
seem to be ambivalent about the need to control encryption technologies'.
The FBI and the National Security Agency (NSA) have instigated efforts to restrict the
availability of encryption world-wide. In the early 1970s, the NSA's pretext was that encryption
technology was 'born classified' and, therefore, its dissemination fell into the same category as
the diffusion of A-bomb materials. The debate went underground until 1993 when the US
launched the Clipper Chip, an encryption device designed for inclusion in consumer products.
The Clipper Chip offered the required privacy, but the government would retain a 'pass-key' -
anything encrypted with the chip could be read by government agencies.
Behind the scenes, law enforcement and intelligence agencies were pushing hard for a ban on
other forms of encryption. In a February 1993 document, obtained by the Electronic Privacy
Information Center (EPIC), they recommended: 'Technical solutions, such as they are, will only
work if they are incorporated into all encryption products.
To ensure that this occurs, legislation mandating the use of government-approved encryption
products, or adherence to government encryption criteria, is required.' The Clipper Chip was
widely criticised by industry, public interest groups, scientific societies and the public and,
though it was officially adopted, only a few were ever sold or used.
From 1994 onwards, Washington began to woo private companies to develop an encryption
system that would provide access to keys by government agencies. Under the proposals -
variously known as 'key escrow', 'key recovery' or 'trusted third parties' - the keys would be held
by a corporation, not a government agency, and would be designed by the private sector, not the
NSA. The systems, however, still entailed the assumption of guaranteed access to the
intelligence community and so proved as controversial as the Clipper Chip. The government
used export incentives to encourage companies to adopt key escrow products: they could export
stronger encryption, but only if they ensured that intelligence agencies had access to the keys.
Under US law, computer software and hardware cannot be exported if it contains encryption that
the NSA cannot break. The regulations stymie the availability of encryption in the USA because
companies are reluctant to develop two separate product lines -- one, with strong encryption, for
domestic use and another, with weak encryption, for the international market. Several cases are
pending in the US courts on the constitutionality of export controls; a federal court recently ruled
that they violate free speech rights under the First Amendment.
(... The NSA is one of the shadowiest of the US intelligence agencies. Until a few years ago, its existence
was a secret and its charter and any mention of its duties are still classified. However, it does have a Web
site (www.nsa.gov:8080) in which it describes itself as being responsible for the signals intelligence and
communications security activities of the US government. One of its bases, Menwith Hill, was to become
the biggest spy station in the world. Its ears -- known as radomes -- are capable of listening in to vast
chunks of the communications spectrum throughout Europe and the old Soviet Union.
In its first decade the base sucked data from cables and microwave links running through a
nearby Post Office tower, but the communications revolutions of the Seventies and Eighties gave
the base a capability that even its architects could scarcely have been able to imagine. With the
creation of Intelsat and digital telecommunications, Menwith and other stations developed the
capability to eavesdrop on an extensive scale on fax, telex and voice messages. Then, with the
development of the Internet, electronic mail and electronic commerce, the listening posts were
able to increase their monitoring capability to eavesdrop on an unprecedented spectrum of
personal and business communications.
This activity has been all but ignored by the UK Parliament. When Labour MPs raised questions
about the activities of the NSA, the Government invoked secrecy rules. It has been the same for
(Simon Davies report: http://www.telegraph.co.uk)
The FBI has not let up on efforts to ban products on which it cannot eavesdrop. In mid-1997, it
introduced legislation to mandate that key-recovery systems be built into all computer systems.
The amendment was adopted by several congressional Committees but the Senate preferred a
weaker variant. A concerted campaign by computer, telephone and privacy groups finally
stopped the proposal; it now appears that no legislation will be enacted in the current Congress.
While the key escrow approach was being pushed in the USA, Washington had approached
foreign organisations and states. The linchpin for the campaign was David Aaron, US
ambassador to the Organisation for Economic Co-operation and Development (OECD), who
visited dozens of countries in what one analyst derided as a programme of 'laundering failed US
policy through international bodies to give it greater acceptance'.
Led by Germany and the Scandinavians, the EU has been generally distrustful of key escrow
technology. In October 1997, the European Commission released a report which advised:
'Restricting the use of encryption could well prevent law-abiding companies and citizens from
protecting themselves against criminal attacks. It would not, however, totally prevent criminals
from using these technologies.' The report noted that 'privacy considerations suggest limit the use
of cryptography as a means to ensure data security and confidentiality'.
Some European countries have or are contemplating independent restrictions. France had a
longstanding ban on the use of any cryptography to which the government does not have access.
However, a 1996 law modified the existing system, allowing a system of "tiers de confiance",
although it has not been implemented, because of EU opposition. In 1997, the Conservative
government in the UK introduced a proposal creating a system of trusted third parties.
It was severely criticised at the time and by the new Labour government, which has not yet acted
upon its predecessor's recommendations. The debate over encryption and the conflicting
demands of security and privacy are bound to continue. The commercial future of the Internet
depends on a universally-accepted and foolproof method of on-line identification; as of now, the
only means of providing it is through strong encryption. That put the US government and some
of the world's largest corporations, notably Microsoft, on a collision course. (Report of David
Banisar, Deputy director of Privacy International and Simon Davies, Director General of Privacy
The issue of encryption divides the member states of the European Union. Last October the
European Commission published a report entitled: "Ensuring security and Trust in Electronic
Commerce", which argued that the advantages of allowing law enforcement agencies access to
encrypted messages are not clear and could cause considerable damage to the emerging
electronic industry. It says that if citizens and companies "fear that their communications and
transactions are being monitored with the help of key access or similar schemes unduly enlarging
the general surveillance possibility of government agencies, they may prefer to remain in the
anonymous off-line world and electronic commerce will just not happen".
However, Mr Straw said in Birmingham (JHA Informal JHA Ministers) that: "It would not be in
the public interest to allow the improper use of encryption by criminals to be totally immune
from the attention of law enforcement agencies". The UK, along with France (which already has
a law obliging individuals to use "crackable" software) and the USA, is out on a limb in the EU.
"The UK presidency has a particular view and they are one of the access hard-liners. They want
access: them and the French", commented an encryption expert. They are particularly about
"confidential services" which ensure that a message can only be read by the person for whom it
is intended who has a "key" to access it. The Commission's report proposes "monitoring"
Member States' laws on "confidential services" to ensure they do not contravene the rules of the
Examples of Abuse of Economic Information
In the course of collecting the data for and preparing this Interim Study various examples were
cited of abuse of privacy via global surveillance telecommunication systems. A number of them
is given in . For the final version of the study, we shall see whether the experts have further
comments to make on these examples, or whether they have new examples to suggest.
The consultation of experts in our survey so far yielded the following comments:
Since Internet has come to play a significant role in global commerce, then (as in Examples 1, 2, 3
and 4 cited below) Internet also became a tool of misleading information and a platform for
On the positive side, Internet is a "golden highway" for those interested in the process of
However, apart from global surveillance technology systems, additional tools have been
developed for surveillance. The additional tool used for information transferred via Internet or
via Digital Global telecommunication systems is the capture of data with Taiga software. Taiga
software has the possibility to capture, process and analyse multilingual information in a very
short period of time (1 billion characters per second), using key-words.
The examples given below are taken from the sources named:
On January 15, 1990, the telephone network of the AT&T company, across the whole north-east of the
USA, faced serious difficulties. The network NuPrometheus had illegally owned and distributed
the key-code of the operating system of the AT&T Macintosh computer (Apple company).
J.P. Barlow: "A not terribly brief history of the Electronic Frontier Foundation," 8 November 1990
On January 24, 1990, the Electronic Frontier Foundation (EFF) in the USA denounced a huge police
operation under the code name "Sun Devil", in which 40 computers and 23,000 diskettes
were seized from teenagers in 15 towns within the USA. Teenager Craig Neidorf was supported by the
EFF so as not to be punished with 60 years in prison and a 120,000 USD penalty. Craig Neidorf had
published in Phrack (a hackers' magazine) part of the internal files of a telephone company.
M. Godwin: "The EFF and virtual communities," 1991
On June 25, 1998, in Absheim, an aircraft A-320 of the European Company "Airbus Industries"
crashed during a demonstration flight. The accident was reportedly caused by dangerous
manoeuvres. One person died and 20 were injured.
Very soon afterwards, and before the announcement of the official report, in the aerospace and
transport Internet newsgroups there appeared many hostile messages against the Airbus
undertaking and against the French company Aerospatiale as well, with which Airbus had close
cooperation. Messages declared that the accident was to be expected because European engineers
are not so highly qualified as American engineers. It was also clearly stated, that in the future
similar accidents were to be expected.
Aerospatiale's representatives took these hostile messages very seriously. They tried to discover
the sources of messages and they finally realised that senders' identification data, addresses and
nodes were false. The source messages came from USA, from computers with misleading
identification data and transferred from anonymous servers in Finland.
B. Martinet and Y.M. Marti: "L'intelligence économique. Les yeux et les oreilles de l'entreprise",
Editions d'Organisation, Paris 1995
On October 31, 1994, in the USA, an accident occurred to an ATR aircraft (of the European
Consortium Aeritalia and Aerospatiale). Owing to this accident, a ban on ATR flights for two
months was imposed. This decision became catastrophic on a commercial level for the company,
because ATR was obliged to carry out test flights in fog conditions.
During this period, in Internet newsgroups (and especially in the AVSIG forum, supported by
Compuserve), the exchange of messages was of vital significance. The messages supporting the
European company were few, while the messages against ATR were many.
At the beginning of January 1995, there appeared a message from a journalist in this forum
asking the following: "I have heard that ATR flights will begin soon. Can anybody confirm this
information?" The answer came very soon. Three days after, unexpectedly, permission to
continue ATR flights was given. The company learned this as soon as the permission was
announced. But if they had actively participated in the newsgroups, they would have gained
some days to inform their offices and their clients.
"Des langages pour analyser la poussière d'info", Libération, 9 June 1995
In 1994 the government of Brazil announced its intention to assign an international contract
(Amazonios). This procurement was of great interest since the total amount available for the
contract was 1,4 billion USD. From Europe, the French companies Thomson and Alcatel
expressed their interest and from USA, the huge weapon industry Raytheon. Although the offer
of the French companies was technically excellent and allegedly better documented, the contract
was eventually assigned to the USA company. It was reported in the press that this was achieved
with a new offensive strategy used by USA. When the government of Brazil was about to assign
the contract to the French companies, American Officials (allegedly with the personal
involvement of President Bill Clinton) readjusted their offer, according to the offer of the
European companies, and asserted that French companies influenced the committee, an
accusation which was never proved. On the other hand, the European companies were reported
to have indications that the intention of the government of Brazil to assign the contract to the
European companies became known to Americans with the use of FBI's surveillance
"La nouvelle machine de guerre américaine", Le Monde du renseignement no 158, 16 February 1995
In January 1994 Edouard Balladur, French Prime Minister, went to Riyadh (Saudi Arabia),
feeling certain to bring back a historic contract for more than 30 million francs in sale of
weapons and, especially, Airbus. He returned disappointed. The contract went to the McDonnell-
Douglas American company, rival of Airbus. The French were reported to believe that this was at
least in part due to electronic surveillance by the ECHELON system, which had given to the
Americans the financial conditions and incentives authorised by Airbus.
French press reports said the National Security Agency is the most secret and most significant of
the thirteen secret agencies of the United States. It receives about a third of the appropriations
allocated with clandestine intelligence: 8 of the 26,6 billion dollars (160 18 billion francs)
registered appropriations in the 1997 budget. With its 20.000 employees in the United States and
some thousands of agents throughout the world, the NSA (which forms part of the ministry for
Defence since its creation in 1956) is more important than the CIA, even if the latter is better
known to the public. Its site at Fort Meade contains, according to sources familiar with the place,
the greatest concentration of data processing power and mathematicians in the world. They are
employed to sort and analyse the flood of data acquired by ECHELON on the networks of
"Echelon est au service des interets americains", Liberation, 21 April 1998
PART C: TECHNICAL FILE
Surveillance and Privacy
Surveillance is the systematic investigation or monitoring of the actions or communications of
one or more persons. It has traditionally been undertaken by physical means (e.g. prison guards
on towers). In recent decades it has been enhanced through image amplification devices such as
binoculars and high-resolution satellite cameras.
The basic born [sic] physical surveillance comprises watching (visual surveillance) and listening
(aural surveillance). Monitoring may be undertaken remotely in space, with the aid of image
amplification devices like field glasses, infrared binoculars, light amplifiers and satellite cameras
and sound amplification devices like directional microphones; and remotely in time with the aid
of image and sound recording devices.
Electronic devices have been developed to augment physical surveillance and offer new
possibilities such as closed-circuit TV (CCTV), VCR, telephone bugging, Proximity cards,
Electronic Database, etc.
In addition to physical surveillance, several kinds of communications surveillance are practiced,
including mail covers and telephone interception.
The popular term electronic surveillance refers to both augmentations to physical surveillance
(such as directional microphones and audio bugs) and to communication surveillance,
particularly telephone taps.
The recent years have seen the emergence and refinement of a new form of surveillance no
longer of the real person, but of the person's data shadow or digital persona. Data surveillance or
Dataveillance is the systematic use of personal data systems in the investigation or monitoring of
the actions or communications of one or more persons. Dataveillance is significantly less
expensive than physical and electronic surveillance, because it can be automated. As a result, the
economic constraints on surveillance are diminished and more individuals and larger populations
are capable of being monitored. Like surveillance, more generally, Dataveillance is of two kinds:
"personal Dataveillance", where a particular person has been previously identified as being of
interest, "mass Dataveillance", where a group or large population is monitored, in order to detect
individuals of interest, and / or to deter people from stepping out of line.
Surveillance technology systems are mechanisms, which can identify, monitor and track
movements and data. During the last few decades since information technology has become
immensely sophisticated real benefits have been achieved in the development of surveillance
On the other hand, negative impacts have been considerable:
The application of IT to the surveillance of people through their data.
IT technology may have substantial implications in privacy.
People often think of privacy as some kind of right. Unfortunately, the concept of a "right" is a
problematic way to start, because a right seems to be some kind of absolute standard. What's
worse, it is very easy to get confused between legal rights on one hand and natural or moral rights
on the other. It turns out to be much more useful to think about privacy as one kind of thing
(among many kinds of things) that people like to have lots of.
Privacy is the interest that individuals have in sustaining a "personal space" free from interference
by other people and organizations.
At a deeper level, privacy turns out not to be a single interest but rather has several dimensions:
privacy of the person
privacy of personal behavior
privacy of personal communications
privacy of personal data
With the close coupling that has occurred between computing and communications, particularly
since the 1980s, the last two aspects have become closely linked, and are commonly referred to as
Information privacy is the interest an individual has in controlling, or at least significantly
influencing the handling of data about themselves.
The term 'data privacy' is sometimes used in the same way. 'Data' refers to inert numbers, where
information implies the use of data by humans to extract meaning; hence 'information privacy' is
arguably the more descriptive way of the two alternatives.
'Confidentiality' is an incidental and wholly inadequate substitute for proper information privacy,
'Confidentiality is the legal duty of individuals who come into the possession of information about
others, especially in the course of particular kinds of relationships with them'.
A variety of Dataveillance techniques exists. Front-end verification (FEV), for example,
comprises the checking of data supplied by an applicant (e.g. for a loan or government benefit)
against data from a variety of additional sources, in order to identify discrepancies.
FEV may be applied as a personal dataveillance tool where reasonable grounds exist for
suspecting that the information the person has provided may be unreliable; where, on the other
hand, it is applied to every applicant, mass dataveillance is being undertaken. Data matching is a
facilitative mechanism of particular value in mass dataveillance. It involves trawling through
large volumes of data collected for different purposes, searching for discrepancies and drawing
inferences from them.
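The front-end verification and data matching described above can be sketched as follows. This is an added example, not part of the original report: the field names, the 5% income tolerance and all records are constructed assumptions. It shows how naive matching flags applicants purely because of formatting differences between sources, while field-aware comparison leaves only the genuine discrepancy.

```python
import re
import unicodedata
from datetime import datetime

# Constructed sample data: what each applicant declared on the form.
APPLICATIONS = {
    "A1": {"name": "María O'Neill", "dob": "1980-03-07", "income": 21000},
    "A2": {"name": "John Smith", "dob": "1975-11-30", "income": 12000},
    "A3": {"name": "Li Wei", "dob": "1990-01-15", "income": 18000},
}
# Constructed sample data: records held by other (hypothetical) sources.
OTHER_SOURCES = {
    "A1": {"tax_office": {"name": "ONEILL, MARIA", "dob": "07/03/1980",
                          "income": 21400}},
    "A2": {"tax_office": {"name": "John Smith", "dob": "1975-11-30"},
           "employer_payroll": {"income": 30500}},
    "A3": {"tax_office": {"name": "Li Wei", "dob": "1990-01-15",
                          "income": 18000}},
}
INCOME_TOLERANCE = 0.05  # assumption: a 5% difference is rounding, not a mismatch


def canon_name(value):
    """Strip accents and punctuation, upper-case, and ignore token order.

    Limitation: only Latin letters survive, so other scripts need their own rule.
    """
    text = unicodedata.normalize("NFKD", value)
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = re.sub(r"[^A-Za-z\s]", "", text).upper()
    return " ".join(sorted(text.split()))


def canon_dob(value):
    """Parse the two date layouts used by the sample sources."""
    for fmt in ("%Y-%m-%d", "%d/%m/%Y"):
        try:
            return datetime.strptime(value, fmt).date()
        except ValueError:
            continue
    raise ValueError(f"unrecognised date format: {value!r}")


def _matches(field, claimed, recorded, normalise):
    if not normalise:
        return claimed == recorded  # naive: byte-for-byte equality
    if field == "name":
        return canon_name(claimed) == canon_name(recorded)
    if field == "dob":
        return canon_dob(claimed) == canon_dob(recorded)
    if field == "income":
        return abs(claimed - recorded) <= INCOME_TOLERANCE * max(claimed, recorded)
    return claimed == recorded


def verify(application, sources, normalise=True):
    """FEV for one applicant: list (field, source, claimed, recorded) mismatches."""
    found = []
    for source_name, record in sources.items():
        for field, recorded in record.items():
            if field in application and not _matches(
                    field, application[field], recorded, normalise):
                found.append((field, source_name, application[field], recorded))
    return found


def mass_verify(applications, other_sources, normalise=True):
    """FEV applied to every applicant (mass dataveillance); returns flagged ids."""
    flagged = {}
    for applicant_id, application in applications.items():
        found = verify(application, other_sources.get(applicant_id, {}), normalise)
        if found:
            flagged[applicant_id] = found
    return flagged


if __name__ == "__main__":
    for mode in (False, True):
        label = "field-aware" if mode else "naive"
        for applicant_id, found in mass_verify(
                APPLICATIONS, OTHER_SOURCES, normalise=mode).items():
            print(label, applicant_id, found)
```

With naive matching, applicant A1 is flagged three times although every record describes the same person; only A2's income gap survives field-aware comparison.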
Personal dataveillance of previously identified individuals
integration of data hitherto stored in various locations within a single organization
screening or authentication of transactions against internal norms
front-end verification of transactions that appear to be exceptional, against data relevant to the
matter at hand, and sought from other databases or from third parties.
front-end audit of individuals who appear to be exceptional against data related to other
databases or from third parties.
cross-system enforcement against individuals, where a third party reports that the individual has
committed a transgression in his or her relationship with the third party.
Mass dataveillance of groups of people.
screening or authentication of all transactions, whether or not they appear to be exceptional,
against internal norms
front-end verification of all transactions, whether or not they appear to be exceptional against
data relevant to the matter at hand, as sought from other internal databases or from third
front-end audit of individuals, whether or not they appear to be exceptional against data
relevant to the matter at hand, as sought from other internal databases or from third parties.
single-factor file analysis of all data held or able to be acquired, whether or not they appear to
be exceptional, variously involving transaction data compared against a norm, permanent data
or other transaction data.
profiling or multi-factor file analysis of all data held or able to be acquired, whether or not they
appear to be exceptional, variously involving singular profiling of data held at a point in time, or
aggregative profiling of transaction trails over time.
Facilitative mechanisms could be:
computer data matching, in which personal data records relating to many people are compared
in order to identify cases of interest
data concentration, namely the combination of personal data interchange networks and hub
Risks inherent in Data Surveillance
Data surveillance's broader social impacts can be grouped as follows:
In personal dataveillance
low data quickly decisions [sic]
lack of subject knowledge of, and consent to, data flows
denial of redemsion [sic]
In mass surveillance
a. Risks to the individuals:
acontextual data merger
complexity and incomprehensibility of data
ex-ante discrimination and guilt prediction
inversion of the onus of proof
unknown accusations and accusers
denial of due process
b. Risks to society:
prevailing climate of suspicion
focus of law enforcement on easily detectable and provable offences
inequitable application of the law
decreased respect for the law and law enforcers
reduction in the meaningfulness of individual actions
reduction in self-reliance and self-determination
stultification of originality
increased tendency to opt out of the official level of society
weakening of society's moral fibre and cohesion
destabilization of the strategic balance of power
repressive potential for the totalitarian government.
By way of example, individuals can suffer as a result of misunderstandings about the meaning of
data on the file, or because the file contains erroneous data, which the individual does not
understand and against which he / she has little or no chance of arguing without the help of a
Such seemingly small, but potentially very frustrating and infuriating personal problems can
escalate into widespread distrust by people of government agencies and the legal system as a
Of course, many of the risks referred to are diffuse. On the other hand, there is a critical economic
difference between conventional forms of surveillance and Dataveillance.
Physical surveillance is expensive because it requires the application of considerable resources.
With few exceptions, this expense has been sufficient to restrict the use of
surveillance. Admittedly the selection criteria used by the surveillance agencies have not always
accorded with what the citizenry might have preferred, but at least its extent was limited. The
effect was that in most countries the abuses affected particular individuals who had attracted the
attention of the state, but were not so pervasive that artistic and political freedoms were widely
Dataveillance changes all that. Dataveillance is relatively very cheap and getting cheaper all the
time, thanks to progress in information technology. The economic limitations are overcome and
the digital persona can be monitored with thoroughness and frequency and surveillance extended
to whole populations. Nowadays, a number of particular populations have attracted the bulk of
the attention, because the state already processed substantial data-holdings about them. These
are social welfare recipients and employees of the state. Now that techniques have been refined,
they are being pressed into more general usage, in the private as well in the public sector.
If dataveillance is burgeoning, controls are needed to ensure that its use is not excessive or
unfair. There is a variety of natural or intrinsic controls, such as self-restraint and morality.
Unfortunately morality has been shown many times to be an entirely inadequate influence over
people's behaviour. There is also the economic constraint, whereby work that isn't worth doing
tends not to get done, because people perceive better things to do with the same scarce resources.
Regrettably this too is largely ineffective. Cost/benefit analysis of dataveillance measures is
seldom performed, and when it has been the quality has generally been appalling. This reflects
the dominance of political over economic considerations -- both politicians and public servants
want action to be seen to be being taken, and are less concerned about its effectiveness than its
If intrinsic controls are inadequate, extrinsic measures are vital. For example, the codes of ethics
of professional bodies and industry associations could be of assistance. Regrettably, these are
generally years behind the problems, and largely statements of aspiration rather than operational
guidelines and actionable statements of what is and is not acceptable behaviour. Over twenty
years after the information privacy movement gathered steam, there are few and very limited
laws which make dataveillance activities illegal, or which enable regulatory agencies or the
public to sue transgressing organisations. A (limited) statute exists at national level, but none at
all at the level of State Governments. In any case, statutory regimes are often weak due to the
power of data-using lobbies, the lack of organisation of the public, and the lack of
comprehension and interest by politicians. The public has demonstrated itself as being unable to
focus on complex issues; public apathy is only overcome when a proposal is presented simply
and starkly, such as 'the State is proposing to issue you with a plastic card. You will need to
produce it whenever anyone asks you to demonstrate that you have permission to breathe'.
There is a tendency for dataveillance tools to be developed in advanced nations, which have
democratic traditions and processes (however imperfect). There is a further tendency for the
technology to be exported to less developed countries.
Many of these have less well-developed democratic traditions, more authoritarian and even
repressive regimes. The control mechanisms in advanced western democracies are inadequate to
cope with sophisticated dataveillance technologies; in third world countries there is very little
chance indeed of new extrinsic controls being established to ensure balance in their application.
It appears that some third-world countries may be being used as test-beds for new dataveillance
2. SURVEILLANCE: TOOLS AND TECHNIQUES - Current technologies
Surveillance is using some of the most advanced and sophisticated technology to keep track of
individuals; where they go, what they do and even what they say.
Visual and audio surveillance are almost everywhere, and, modern electronic technology gives
the possibility of keeping track of individuals' movements without cameras or microphones, just
with surveillance of their data (Dataveillance).
1. Visual Surveillance
Closed-circuit TV (CCTV) is the most common electronic visual surveillance technique.
Recording can be in two modes: real-time or time-lapse. Real-time is regular TV (at 30
frames/second), showing full motion. Time-lapse selects only a few frames per time period, perhaps
one or two per second, to record. The advantage of time-lapse is that it allows one tape to record
for a much longer time than real-time recording.
Video electronics can be very sophisticated indeed and the recent trend is digital video. This
allows using the QUAD recording system, a method of compressing four separate camera images
into a single frame, so that the guard could see all four views on the monitor screen and record
them on a VCR (Video Cassette Recorder) at the same time. These systems allow detailed
surveillance and plant monitoring, so that those responsible can observe everything happening within
In previous years, perhaps only the entrance (or specific spaces) would be under video
surveillance. Now it is possible to have surveillance everywhere. Using hard disks instead of
videotape allows keeping a record of several months' worth of time-lapse video.
Cameras are also much more sophisticated today than years ago. New circuits allow the camera
to ignore bright, light-emitting objects within its field of view. Miniaturization allows easier
concealment; infra-red cameras allow surveillance in darkness. Video surveillance is portable as
well. The old days of concealing a camcorder in a briefcase or duffel bag have given way to
subminiature cameras concealed in neckties and other items. Decoy items (items containing the
surveillance equipment) include baseball caps, belt buckles, briefcases, eyeglasses and
CCTV is very quickly becoming an integral part of crime control policy, social control theory
and community consciousness. It is promoted by police and politicians as a primary solution for
They are now used in many areas, including roads, trains, railway platforms, car parks, loading
docks, shopping centers, individual retail stores, banks, automatic teller machines, petrol
stations, lifts, lobby areas, cash handling and storage areas and employee recreation rooms.
Within the aims of the contract, this study looks at its usage in five main industrial contexts:
retail stores, financial services, manufacturing, warehousing and distribution, larger office
buildings and leisure and entertainment complexes.
Video surveillance is used in these industries for several reasons:
- to minimize the risk of theft, especially in the retail industry for purposes of deterring and
- to protect premises from threats to property such as sabotage, arson and vandalism
- to monitor individual employee work performance
- to improve customer service by observing peak periods and planning the allocation of staff
throughout the day
- to assist in staff training
- to enhance health and safety standards
- to ensure that employees comply with legal obligations
- to protect employers from liability claims
- to monitor production processes.
Most surveillance systems are being installed to prevent theft, either by outsiders or employees,
but video surveillance systems are often used for a range of purposes beyond what was
originally intended. Surveillance systems which are initially installed for the purpose of
protecting property against an external security threat can be used for other purposes, such as to
monitor employees' productivity and work behavior.
The routine use of video surveillance has the potential to undermine employees' sense of privacy
and dignity in the workplace. Surveillance is associated with increased levels of stress,
undermining morale and creating distrust and suspicion between employees and management.
While it may be an effective instrument to protect an employer from external security threats, it
is not appropriate as a means of monitoring individual employee performance.
Covert surveillance with a smaller number of hidden cameras may in fact be a much more popular
and at the same time cheaper option than a general security system.
Some of the justifications offered for covert video surveillance are:
- employers have a right to protect their business interests
- covert surveillance affects fewer employees than overt surveillance and is much cheaper
- if employees are unaware of surveillance, there is less risk of individual disputation
- covert surveillance is often the most effective means of detecting unlawful activity.
2. Audio Surveillance
Audio surveillance is no longer merely an arcane art practiced by spies and private detectives.
Today, it's commonplace and spreading. Tape recorders are a fact of life, and they're often used
to document a transaction. When telephoning some companies and some government agencies,
a recorded message says: "This transaction is being recorded to help us assure ...".
In some companies the real purpose of tape recording conversations is to check how many they
handle an hour, and to have evidence in case the customer says something that can be used against
In prisons, officials often use electronic equipment to record all telephone conversations. Some
of these are between lawyer and client, but they all go onto tape. It depends on the ethics of the
guards whether they listen or not.
There are "high tech voice recorders" that put every conversation on a CD. A model made
for correctional use is the "Laser voice", using optical disk voice recording.
"Tube mike" is an electric device for "bugging" a room, motor vehicle, or other premises. It is a
plastic tube passed through a small hole in a wall to conduct sound from the room to a small
microphone at the other end.
This could be characterized as "non-access surveillance".
"Tube microphones" come in all sizes. Some are relatively large plastic tubes (about 1/2'' in
diameter), but for tight spaces or maximum concealment there are "needle microphones" pressed
against a wall to hear sounds in the next room.
If there is access to a room, a bug could be planted almost anywhere, even in the subject's
clothing. "Radio mikes" transmit whatever they pick up to a nearby receiver, eliminating the
need for tell-tale wires. Their only drawback, if they're totally self-contained, is battery life.
Other models fit into wall plugs, and take their power from the house current.
One type of portable radio mike is the size and shape of a credit card, with a range of several
hundred feet and a 30-hour battery life. Placed into the breast pocket of the subject's jacket, it
permits monitoring a conversation held outdoors. The value of this is that many people think it's
impossible to overhear a conversation held on the street or in a park, and that walking will defeat
any prospect of a bug planted nearby.
On the open market there are several models of "gimmicked telephones" that use the built-in
microphone to pick up any conversation in the room even when the telephone is not in use.
All the types of audio surveillance with miscellaneous bugging devices described above are
used today mainly in police and internal security agencies (such as the FBI, NSA, etc.) or in
company security departments.
Telephone tapping still exists, but with today's Electronic Switching System (ESS) it's no longer
necessary to go out and physically tap a person's telephone line.
3. Phone Tapping and Encryption
Whenever a telephone line is tapped, the privacy of the persons at both ends of the line is invaded,
and all conversations between them upon any subject, and although proper, confidential and
privileged, may be overheard.
Phone tapping is normally used for surveillance of communications to combat "serious crime"
and to protect "national security".
On the other hand, companies often keep records of the phone numbers called and the duration of such
calls. In some companies these records are used to gauge job performance, while in others it
simply allows employees to review calls and reimburse the employer for calls of a purely
4. Voice and Word Pattern Recognition
Since it is not possible for an agency or organization to employ a staff large enough to listen to
all telephone conversations, read all faxes, etc, word recognition has to be computerized.
In this case a central computer could monitor all (or a group) of telephone conversations and
recognize those in which the agency had an interest by using voice patterns and key words.
A wide variety of techniques are used to perform speech recognition. Typically speech
recognition starts with the digital sampling of speech. The next stage is acoustic signal
processing. Most techniques include spectral analysis, e.g. LPC (Linear Predictive Coding),
MFCC (Mel Frequency Cepstral Coefficients), cochlea modeling and many more.
The next stage is recognition of phonemes, groups of phonemes and words. This stage can be
achieved by many processes such as DTW (Dynamic Time Warping), HMM (Hidden Markov
modeling), expert systems and combination of techniques.
Most systems utilize some knowledge of the language to aid the recognition process. Some
systems try to "understand" speech. That is, they try to convert the words into a representation of
what the speaker intended to mean or achieve by what they said.
Voice and pattern recognition is used as an advanced tool and a helpful technique (thanks to IT)
for surveillance of communications to combat "serious crime" or to protect "national security".
5. Proximity Smart Cards
Originally, electronic cards were substitutes for keys, which were too easy to reproduce. A metal
key blank and a file were all that was necessary to duplicate a key, but more sophisticated
equipment is necessary to duplicate even the simplest sort of electronic card.
The first type of electronic card used barium ferrite as magnetic dots embedded in the magnetic
layer. This was a significant advance over punched cards, which were relatively easy to duplicate.
In the early 1970s, magnetic stripe cards were produced (by IBM), which are still used in credit
cards and are somewhat more secure. However, they're still too easy to forge and should pass
through a magnetic stripe reader.
In the early 1980s, the advent of Application Specific Integrated Circuit (ASIC) technology
resulted in what quickly became known as the "smart card", which could hold a variety of codes and
information to make misuse or duplication almost impossible. This was the first "proximity
card", which did not require direct contact through a card recorder.
The proximity card is basically a "transponder", an electronic device that replies to a radio signal
that "interrogates" it. The extended range model doesn't require even placing it near the card
reader, as it transmits to a receiver several feet away.
Use of proximity smart card as Transport card / E-purse
Transportation companies use the proximity smart cards to replace metro, bus, train tickets and
boarding cards, etc.
The proximity smart card results in considerable time saving by greatly increasing passenger
flow without diminishing security.
With the contact part of the card, the proximity smart card is perfectly suited to financial
transactions involving small amounts of money: automatic vending cafeterias, local shops,
parking fees, cinemas, recreation / amusement parks, cultural and sports centers etc.
Use of proximity smart card as Access control / ID card
The company proximity smart card contains data used to identify the cardholder, as well as his or
her access rights. The contactless part of the card is used to access building and other
The contact portion can be used for network access, such as the Internet. With the electronic
purse function it can be used in the company restaurant, at automatic vending machines, just
like a traditional multi-service card.
One application, however, extends the proximity card's usefulness by turning it into a tracking
device. Proximity readers installed along the walls of a building allow tracking each card within
the facility. If somebody is carrying one of these cards within a building so equipped, the central
computer can sense exactly where he/she is at all times. There is a record of which area the
employee (or visitor) is in, when he leaves, and where else within the building he may go. If the
employee goes to the cafeteria, the computer will log when he left his work station, how long it
took him to get to the cafeteria, which route he took, how long he remained in the cafeteria, when
he started back and by which route, and when he arrived back in his work area. Likewise if he
went to the bathroom. The computer can record whether he/she went to the men's room or the
Many countries are actively considering adopting national ID cards for a variety of functions.
These include the United States, United Kingdom and Canada.
There are ID cards (credit cards) used for digital cash service which is supposed to be
"anonymous". But, it appears that the bank and the merchants could find the identity of the users.
The customer is identified to the trader and ultimately to the bank by the 300 previous transactions.
Each of these will soon be superseded by further transactions and drop off the end of the list.
These can be monitored by the bank and could be used for marketing purposes. This is the audit
trail and could be sold to business users for third party marketing.
6. Transmitter Location
When a telephone or mobile phone is used, the location of the user could be identified. The science
of radio location uses three methods of finding a transmitter. The oldest is triangulation, in which
several receiving stations with directional antennas take a bearing on a transmission and
communicate the bearing to a central plotting room.
Technicians trace each bearing on a map of the area and the intersection of the bearings pinpoints
the location of the transmitter.
The second method requires several receivers as well, and works by measuring the relative
strengths of signals received. A computer analyses the strengths and determines the location of
The third method also requires a computer-controlled chain of receivers and measures the minute
differences in the time the signal arrives at each receiver.
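The first method above, triangulation from bearings, worked as an added example (not part of the original text): a least-squares intersection of bearing lines that also shows how an error in a single station's bearing shifts the fix. The station coordinates, transmitter position and function names are constructed for illustration.

```python
import math

def bearing_to(station, target):
    """Compass bearing in degrees (clockwise from north) from station to target."""
    dx = target[0] - station[0]   # east offset
    dy = target[1] - station[1]   # north offset
    return math.degrees(math.atan2(dx, dy)) % 360.0

def fix_from_bearings(observations):
    """Least-squares intersection of bearing lines.

    observations: list of ((x, y), bearing_degrees), x pointing east, y north.
    Each bearing defines a line through its station. The fix is the point that
    minimises the sum of squared perpendicular distances to all the lines.
    Lines, not rays, are used, so a bearing and its reciprocal give the same line.
    """
    if len(observations) < 2:
        raise ValueError("need at least two bearings")
    a11 = a12 = a22 = b1 = b2 = 0.0
    for (sx, sy), degrees in observations:
        t = math.radians(degrees)
        nx, ny = math.cos(t), -math.sin(t)   # unit normal to the bearing line
        c = nx * sx + ny * sy                # line equation: nx*x + ny*y = c
        a11 += nx * nx
        a12 += nx * ny
        a22 += ny * ny
        b1 += nx * c
        b2 += ny * c
    det = a11 * a22 - a12 * a12
    if det < 1e-9:
        # All lines are parallel, e.g. stations lined up with the transmitter.
        raise ValueError("bearings are parallel: no unique intersection")
    return ((a22 * b1 - a12 * b2) / det, (a11 * b2 - a12 * b1) / det)

def demo():
    """Constructed scenario: three stations (km grid) and one transmitter."""
    stations = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0)]
    transmitter = (4.0, 3.0)
    exact = [(s, bearing_to(s, transmitter)) for s in stations]
    # Same observations, but the first station reads its bearing 2 degrees high.
    skewed = list(exact)
    skewed[0] = (stations[0], exact[0][1] + 2.0)
    clean_fix = fix_from_bearings(exact)
    skewed_fix = fix_from_bearings(skewed)
    miss_km = math.dist(skewed_fix, transmitter)
    return clean_fix, skewed_fix, miss_km

if __name__ == "__main__":
    clean_fix, skewed_fix, miss_km = demo()
    print("fix with exact bearings:", clean_fix)
    print("fix with one bearing 2 degrees off:", skewed_fix)
    print("miss distance in km:", round(miss_km, 3))
```

With only two stations the lines always meet in a single point, so a bearing error goes unnoticed; the third bearing is what makes the disagreement visible.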
Formerly classified, these techniques are now available on the civilian market for law
enforcement and private security. One application is locating stolen cars by pinpointing radio
transmitters installed in the vehicle for this purpose.
Location of cellular phones is another application. Police today are using (in some countries) this
application to pinpoint the location of cellphone users. Purportedly, this is to speed emergency
response when a citizen calls for help (at home or on the road). Once the equipment is in place, it
can, and must, serve other purposes. Criminal investigators will be able to pinpoint a specific
cellphone each time the caller uses it; this will help an investigation into a stolen cellphone, or
help locate wanted persons unwise enough to use a cellphone or mobile phone.
Another device, sold only to police, is the "cellphone ESN Reader", which reads the numbers of
the targeted cellphone. This detects and records the cellular phone number, called number and
ESN of the target phone at ranges of up to two miles.
Theoretically, the technology can locate every cellphone and every mobile phone in the country
every time someone makes a call on it (for cellphones) or just opens it (for mobile phones).
7. E-mail at workplace
Personal messages that an employee sends over the company's e-mail are not private, and court
decisions have held that they are not.
It is a safe assumption that companies will keep an increasingly watchful eye on their internal
e-mail, and scrutinize what employees are saying to each other. It is easy to see that some
companies may find that scrutinising staff e-mail can have more than one advantage for
company management. Originally instigated to avoid liability, reading employees' e-mail can
also serve to alert management to dishonesty, disloyalty or even matters like union activity.
8. Electronic Databases
The computer age has brought surveillance into a new era in which information about almost
anybody is available to almost anybody.
Databases for Human Identification
There are a lot of government databases containing information about almost every resident in
the United States and in many European countries as well.
A variety of person identification techniques are available, which can assist in associating data
with them. Important examples of these techniques are:
- names (what the person is called by other people)
- codes (what the person is called by the organization)
- knowledge (what the person knows)
- biometrics (what the person is, does, or looks like e.g. appearance, natural physiography, etc.)
Databases for financial surveillance
Financial records are gathered privately by several giant companies that specialize in this sort of
information. These "credit reporting bureaus" purportedly maintain credit records, but in fact
keep far more than credit information in their databases.
Other databases for human identification
There exist specialized databases available mainly to private investigators. These cull
information from telephone directories, city directories, voter registration records and many
other public and private records to provide a profile of the person being investigated.
9. The Internet
The Internet, which began as a computer communication network between universities and
laboratories decades ago, has turned into a vast public forum accessible to anyone with a
International organizations, public authorities, companies, universities, research centers and
individuals have access to and exploit the Internet.
On the other hand, the Internet became:
- an entertainment tool
- a huge information source
- an important marketing tool
- a big virtual electronic market with a considerable number of economic transactions every
At the same time, IT restricted individuals' right to privacy, since they could be
identified through their ID number or through their records or transactions.
The growing rift between the needs of Internet Commerce and the individual's right to privacy
gave rise to the development of new tools.
In January 1999 Intel announced its plans for the development of a microchip containing
embedded electronic serial numbers that allow individual computers to be readily identified.
The identities, similar to the unique vehicle identification numbers on cars and trucks, would be a
caller ID technology for computers.
But critics see it as an ominous development, ushering in a new period of electronic
surveillance. Privacy experts fear the new Intel chip could mean the death of anonymity on the
But this would appear to seriously endanger privacy on the Internet by creating a
permanent ID number for every Intel user on the Net.
3. THE USE OF SURVEILLANCE TECHNOLOGY SYSTEMS FOR THE TRANSMISSION AND
COLLECTION OF ECONOMIC INFORMATION
As the Internet and other communication systems reach further into everyday life, national
security, law enforcement and individual privacy have become perilously intertwined.
Governments want to restrict the free flow of information and software producers are seeking
ways to ensure consumers are not bugged from the moment of purchase.
All developing communication technologies (digital telephone switches, cellular and satellite
phones) HAVE SURVEILLANCE CAPABILITIES. On the other hand the development of
software that contains encryption, a telephone which allows people to scramble their
communications and files to prevent others from reading them gourd earth [sic].
3.1 CALEA system
The first effort to heighten surveillance opportunities (made by the USA) was to force
telecommunication companies to use equipment designed to include enhanced wiretapping
In the late 1980s, in a program known internally as "Operation Root Canal", US law enforcement
officials demanded that telephone companies alter their equipment to facilitate the interception of
messages. The companies refused but, after several years of lobbying, Congress enacted the
Communications Assistance for Law Enforcement Act (CALEA) in 1994.
CALEA requires that terrestrial cellular phone services and other entities ensure that all their
equipment, facilities or services are capable of expeditiously enabling the government to
intercept all wire and oral communications carried by the carrier concurrently with their
Communications must be interceptable in such a form that they could be transmitted to a remote
government facility. Manufacturers must work with industry and law enforcement officials to
ensure that their equipment meets federal standards.
The passage of CALEA has been controversial, but its provisions have yet to be enforced due to
FBI efforts to include even more rigorous regulations under the law. These include the
requirement that cell phones allow for location-tracking on demand and that telephone
companies provide capacity for up to 50,000 simultaneous wiretaps.
CALEA finally has been accepted as an international standard in the US. In 1991 the FBI contacted
EU member states in order to propose that they incorporate CALEA into European law. This
plan, according to an EU report, was to call for the Western World (EU, US and allies) to agree to
norms and procedures and then sell their products to Third World countries. There is a council
resolution that was adopted on 17 January 1997 on the lawful interception of communications
(961C329/a). The US government is now in negotiations with the International
Telecommunication Union (ITU) to adopt the standards globally.
3.2 ECHELON Connection
The previous STOA Interim Study (PE 166.499) entitled "An Appraisal of technologies of
political control" made certain statements concerning the ECHELON global surveillance system.
This is reported to be a world-wide surveillance system designed and coordinated by the US
NSA (National Security Agency) that intercepts e-mail, fax, telex and international telephone
communications carried via satellites and has been operating since the early 1980s - it is part of
the post Cold War developments based on the UK-USA agreement signed between the UK,
USA, Canada, Australia and New Zealand in 1948.
The five agencies said to be involved are: the US National Security Agency (NSA), the
Government Communications Security Bureau (GCSB) in New Zealand, Government
Communications Headquarters Signals Directorate (DSD) in Australia. The system was brought
to light by the author Nicky Hager in his 1996 book Secret Power: New Zealand's role in the
International Spy Network. For this, he interviewed more than 50 people who work or have
worked in intelligence who are concerned at the uses of ECHELON. It is said that "The
ECHELON system is not designed to eavesdrop on a particular individual's e-mail or fax link.
Rather, the system works by indiscriminately intercepting very large quantities of
communications and using computers to identify and extract messages from the mass of
According to Interim Study (PE 166.499) of 1998, there are reported to be three components to
1. The monitoring of Intelsats, international telecommunications satellites used by phone companies in
most countries. A key ECHELON station is at Morwenstow in Cornwall monitoring Europe, the Atlantic
and the Indian Ocean.
2. ECHELON interception of non-Intelsat regional communication satellites. Key monitoring
stations are Menwith Hill in Yorkshire and Bad Aibling in Germany.
3. The final element of the ECHELON system is the surveillance of land-based or under-sea
systems, which use cables or microwave tower networks.
At present it is thought ECHELON's effort is primarily directed at the "written form" (e-mails,
faxes, and telexes) but new satellite telephone systems which take over from old land-based ones
will be as vulnerable as the "written word".
Each of the five centres supplies to the other four "Dictionaries" of keywords, phrases, people and
places to "tag", and the tagged intercept is forwarded straight to the requesting country.
It is the interface of the ECHELON system and its potential development on phone calls
combined with the standardisation of "tappable" telecommunications centres and equipment
being sponsored by the EU and the USA which presents a truly global threat over which there
are no legal or democratic controls.
The earlier study (PE 166.499) identified a number of options for the European Union, centred
round the proposition that:
"All surveillance technologies, operations and practices should be subject to procedures to ensure
democratic accountability and there should be proper codes of practice to ensure redress if malpractice
or abuse takes place. Explicit criteria should be agreed for deciding who should be targeted for
surveillance and who should not, how such data is stored, processed and shared. Such criteria and
associated codes of practice should be made publicly available."
Other points included:
- All requisite codes of practice should ensure that new surveillance technologies are brought within the
appropriate data protection legislation.
- Given that data from most digital monitoring systems can be seamlessly edited, new guidance
should be provided on what constitutes admissible evidence. This concern is particularly relevant
to automatic identification systems which will need to take cognizance of the provisions of
Article 15, of the 1995 European Directive on the Protection of Individuals and Processing of
- Regulations should be developed covering the provision of electronic bugging and tapping
devices to private citizens and companies, so that their sale is governed by legal permission
rather than self regulation.
- Use of telephone interception by Member states should be subject to procedures of public
accountability referred to in (1) above. Before any telephone interception takes place a warrant
should be obtained in a manner prescribed by the relevant parliament. In most cases, law
enforcement agencies will not be permitted to self-authorise interception except in the most
unusual of circumstances which should be reported back to the authorising authority at the
- Annual statistics on interception should be reported to each member states' parliament. These
statistics should provide comprehensive details of the actual number of communication devices
intercepted and data should not be aggregated. (This is to avoid the statistics only identifying
the number of warrants issued, whereas organisations under surveillance may have many
hundreds of members, all of whose phones may be subject to interception).
- Technologies facilitating the automatic profiling and pattern analysis of telephone calls to
establish friendship and contact networks should be subject to the same legal requirements as
those for telephone interception and reported to the relevant member state parliament.
- The European Parliament should reject proposals from the United States for making private
messages via the global communications network (Internet) accessible to US Intelligence
Agencies. Nor should the Parliament agree to new expensive encryption controls without a wide
ranging debate within the EU on the implications of such measures. These encompass the civil
and human rights of European citizens and the commercial rights of companies to operate within
the law, without unwarranted surveillance by intelligence agencies operating in conjunction with
3. Inhabitant identification Schemes
Inhabitant identification schemes are schemes which provide all or most people in the country
with a unique code and a token (generally a card) containing the code.
Such schemes are used in many European countries for a defined set of purposes, typically the
administration of taxation, national superannuation and health insurance. In some countries, they
are used for multiple additional purposes.
4. THE NATURE OF ECONOMIC INFORMATION SELECTED BY SURVEILLANCE TECHNOLOGY
A. From telecommunication systems
Concerning public authorities and organizations:
- secret telephone conversations, fax messages and electronic mail
- sensitive information concerning taxation
- information concerning various fund transfers especially from one service to the other and
- data used in the critical banking infrastructure systems
- private business communication, including telephone conversations, fax messages and
- order from fund transfers and other financial transactions (e.g. payments by credit cards by fax)
- sensitive business information and trade secrets
- private conversations, fax messages, e-mail
- payments by credit cards
- secret information concerning taxation
B. From new information technologies (Internet)
Concerning public authorities and organizations:
- sensitive information and state secrets
- tax records and other financial information
- data used in the operation of critical infrastructure systems
- public contracts received by electronic mail
- invoices and other official documents
- secret electronic transactions
- risk of international property and license in secret transactions
- payment orders by credit cards
- payments received on-line
Concerning consumers and individuals:
- payment by credit cards
- contracts and agreements
- electronic financial transactions (e.g. tele-banking).
C. Some examples of data collection on the Internet
Data can be collected over the Internet either directly or indirectly; in other words, it can be
collected either at the time of contact with a correspondent or without the knowledge of the
person concerned, often automatically. The nature of the data collected varies according to the
protocol used on the network i.e. according to the type of service. In practice, different protocols
are very often used in combination to augment the profitability or quality of exchanges. For
example, a Web page may propose an exchange of correspondence or a transfer of documents
via links with the e-mail protocol and the protocol used for transferring files, which is more
When electronic messaging is used (Simple Mail Transfer Protocol -- SMTP, and Network News
Transfer Protocol -- NNTP), communication is established from one personal mailbox to
another, or between a personal mailbox and a mailbox common to a number of correspondents.
The information transmitted consists of the name and e-mail address, the server address and the
signature file (sig.file) if created by the user of the machine. If a communication is addressed to a
joint mailbox, this information is given out to an indeterminate number of correspondents,
participation in a discussion group being theoretically free. As a result, any person listed on a
distribution list can at the very least obtain the e-mail addresses of all other listed parties, since
this information is provided automatically for purposes of communication on a given topic.
While most downloading (File Transfer Protocol -- FTP) is done anonymously, with only the
network's Internet Protocol -- IP -- address being revealed, the same cannot be said for document
presentation (World Wide Web -- WWW, Hyper Text Transfer Protocol -- HTTP). The
minimum information revealed at each step in the Web is the name of the network machine
making the request and the type of browser being used. Browsers contain an identification -- ID --
file which, if configured by the user or at the user's request, stores various personal data such as
the user's name or e-mail address. If a Web server requests this information, it can be
automatically given out.
A Web server can also send out information, which is stored by the user's browser (so-called
'cookies') and retrieved at a subsequent connection to the server. This system indicates that a
visitor has been there before, but without revealing his identity: identification requires matching
with other information. As a result, when linked to the ID file incorporated into the browser and
transmitted to a server, the information recorded in cookies can yield valuable user profiles. It
can be noted, however, that some browsers -- to a varying and often inadequate extent -- allow
use of these cookies to be blocked.
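The cookie mechanism described above, as an added example that is not part of the original text: a toy server that issues an opaque visitor id, and a toy browser that either stores or blocks it. The class names, the "vid" cookie name, the e-mail address and the use of the HTTP From header to stand in for the browser's ID file are assumptions made for illustration.

```python
from http.cookies import SimpleCookie
import secrets

class Server:
    """Toy Web server logic: issues an opaque visitor id and keeps a log."""
    def __init__(self):
        self.history = {}    # visitor id -> pages requested under that id
        self.identity = {}   # visitor id -> e-mail address, once disclosed

    def handle(self, path, headers):
        jar = SimpleCookie(headers.get("Cookie", ""))
        vid = jar["vid"].value if "vid" in jar else None
        response = {}
        if vid not in self.history:          # first visit, or cookie withheld
            vid = secrets.token_hex(8)       # random: says nothing about the user
            self.history[vid] = []
            out = SimpleCookie()
            out["vid"] = vid
            out["vid"]["path"] = "/"
            response["Set-Cookie"] = out["vid"].OutputString()
        self.history[vid].append(path)
        if "From" in headers:                # identity supplied by the browser
            self.identity[vid] = headers["From"]
        return response

class Browser:
    """Toy browser with a cookie store and an optional configured address."""
    def __init__(self, accept_cookies=True, mail_address=None):
        self.accept_cookies = accept_cookies
        self.mail_address = mail_address     # stands in for the "ID file"
        self.jar = {}

    def get(self, server, path, disclose_identity=False):
        headers = {"User-Agent": "ExampleBrowser/1.0"}
        if self.jar:
            headers["Cookie"] = "; ".join(f"{k}={v}" for k, v in self.jar.items())
        if disclose_identity and self.mail_address:
            headers["From"] = self.mail_address
        response = server.handle(path, headers)
        if self.accept_cookies and "Set-Cookie" in response:
            received = SimpleCookie()
            received.load(response["Set-Cookie"])
            for name, morsel in received.items():
                self.jar[name] = morsel.value
        return headers

def profiles(server):
    """What the server can reconstruct: one entry per visitor id."""
    return [{"pages": pages, "identity": server.identity.get(vid)}
            for vid, pages in server.history.items()]

def scenario(accept_cookies):
    """Constructed browsing session: two anonymous page views, then one
    request on which the browser hands over its configured address."""
    server = Server()
    browser = Browser(accept_cookies, mail_address="alice@example.org")
    browser.get(server, "/news")
    browser.get(server, "/health/clinic")
    browser.get(server, "/contact", disclose_identity=True)
    return profiles(server)

if __name__ == "__main__":
    print("cookies accepted:", scenario(True))
    print("cookies blocked: ", scenario(False))
```

With cookies accepted, the single disclosure on /contact attaches a name to the earlier anonymous page views; with cookies blocked, the server sees three unrelated visitors and only the last one is identified.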
5. PROTECTION FROM ELECTRONIC SURVEILLANCE
A. Encryption (Cryptography)
Finally, the issues raised by new information technologies include the privacy of individuals, the
security of data in the computer or on the network, and the availability of encryption software to
protect data in the event they are intercepted. In this context, privacy refers to controlling the
dissemination and use of data, including information that is unintentionally revealed as a
by-product of the use of the information technologies themselves.
Security refers to the integrity of the data storage, processing, and transmitting systems and
includes concerns about the reliability of the hardware and software, the protections against
intrusion into or theft of the computer equipment, and the resistance of computer systems to
infiltration by unauthorized users, that is, "hacking". Encryption is the practice of encoding data
so that even if a computer or network is compromised, the data's content will remain secret.
Security and encryption issues are important because they are central to public confidence in
networks and to the use of the systems for the sensitive or secret data, such as the processing of
information touching on national security. These issues are surpassingly controversial because of
governments' interest in preventing digital information from being impervious to official
interception and decoding for law enforcement and other purposes.
Private sector initiatives
A large number of private sector interests, in the United States in particular, are attempting, with
a view to fostering electronic commerce, to promote technological solutions that will provide a
practical response to consumers' concerns while still preserving business interests. In other
words, they are starting to explore ways and means of making privacy work in communication
networks. These initiatives go in the right direction and it would be worthwhile for governments
to engage in a dialogue on this basis.
As an example, Netscape, joined by Microsoft, is leading an industry initiative (40 companies) to
cope with privacy issues and proposes standard software intended to enable computer users to
control what personal information is obtained when they visit Internet sites and how the
information is used, as well as avoid unwanted e-mail. The proposal, called the OPS -- Open
Profiling Standard --, which has been submitted to the World Wide Web Consortium -- W3C,
provides the users with a way to pre-package the personal registration information Web sites